MacOS X Ransomware in transmissionbt 2.90

posted by TonyW
on Mon, 03/07/2016 - 16:03

In the first known case of ransomware on MacOS X, KeRanger was inserted into the installer for version 2.90 of the open source project transmissionbt. The transmissionbt team quickly issued fixes, and the new installer for version 2.92 is free of ransomware. I hope that very few people were affected, and that they were able to restore their system from a recent Time Machine backup. The alternative is sending a bitcoin (worth more than $400US at the moment) to the criminals to get the decryption key.

The problem was initially identified by Palo Alto Networks, which described its discovery and more on its website. You can read more of the technical details there. Apple was also quick to respond. TechCrunch noted that Apple "revoked the abused certificate that was used in the attack and updated its built-in anti-malware system XProtect with a new signature to protect customers".

In one sense, it's funny that this cyber attack was embedded in a BitTorrent client, since BitTorrent is often used for sharing of copyrighted material. But in a larger sense, this cyber attack raises questions for project leaders and code committers on FOSS projects. Of course, proprietary software can also be infected with ransomware, but the challenge with FOSS is to look more closely at code contributions. Most FOSS projects are quite careful about limiting who can commit code to the repository, and many established FOSS projects have a well-defined code review process that applies both to the contributions of approved committers and to contributions from others. The KeRanger attack should just serve as a reminder that FOSS project teams must remain diligent in reviewing code contributions so that similar problems do not arise in other projects.